AWS Integration
The AWS Integration connects your AWS organization to Infracost Cloud, giving Infracost read-only access to your AWS account metadata. This enables visibility into actual cloud costs and usage across your organization alongside your infrastructure-as-code cost estimates.
This integration requires access to your AWS organization's management account. Contact support@infracost.io if you have questions before getting started.
Prerequisites
- Access to the AWS console on your AWS organization's management account
- Permission to create IAM roles and policies in that account
- Your Infracost Organization ID - found in Infracost Cloud under Org Settings
1. Deploy Infracost cross-account link
The AWS Integration uses a Terraform module to provision a read-only IAM role in your management account. Infracost uses this role to access the data needed to power cost visibility features.
Add the following to your Terraform configuration:
module "infracost_management_account" {
source = "github.com/infracost/cross-account-link?ref=v0.8.0"
infracost_external_id = "YOUR_INFRACOST_ORGANIZATION_ID"
is_management_account = true
providers = {
aws = aws.management_account
}
}
Replace YOUR_INFRACOST_ORGANIZATION_ID with the value from your Org Settings page, then run:
terraform init
terraform apply
Once applied, Terraform will output a cross-account-link role ARN - keep this handy for the next step.
2. Send your details to Infracost
After deploying the module, share the following details with your Infracost product contact or support@infracost.io:
| Field | Example |
|---|---|
| Infracost Organization ID | 400a1193-ecf4-4162-bab3-bfdf77b20d69 |
| Cross-account-link role ARN | arn:aws:iam::988896524719:role/infracost-readonly-988896524719 |
| AWS management account ID | 988896524719 |
| AWS management account region | us-east-1 |
That's it! Infracost will confirm once the integration is active.
Optional: Enable cost and usage data exports
For deeper visibility into actual AWS spend, including individual billing line items and S3 usage metrics — you can configure data exports to S3 buckets that Infracost will ingest:
module "infracost_management_account" {
source = "github.com/infracost/cross-account-link?ref=v0.8.0"
infracost_external_id = "YOUR_INFRACOST_ORGANIZATION_ID"
is_management_account = true
enable_data_exports = true # <-- Set this variable to true
providers = {
aws = aws.management_account
}
}
This will spin up the configuration and storage for two exports:
- FOCUS 1.2 billing data.
- S3 StorageLens data.
This is optional additional configuration. The data exports are read periodically by Infracost, which may incur minor AWS query costs (~$0.0004 per 1,000 S3 requests). S3 storage costs also apply.
After completing the export configuration, AWS can take upwards of 24 hours to populate the buckets with the first data exports.
Optional: provide custom data exports
If you intend to manage your own data exports or provide additional custom data to Infracost. You can enable Infracost access for specific S3 bucket ARNs. When doing so, please contact support@infracost.io to ensure your use case and configuration are supported.
module "infracost_management_account" {
source = "github.com/infracost/cross-account-link?ref=v0.8.0"
infracost_external_id = "YOUR_INFRACOST_ORGANIZATION_ID"
is_management_account = true
providers = {
aws = aws.management_account
}
s3_bucket_arns = [
"arn:aws:s3:::my-custom-export" # <-- Add any custom S3 ARNs
]
}
If taking this route, please provide the following details to Infracost:
| Field | Example |
|---|---|
| AWS S3 bucket ARN | arn:aws:s3:::my-custom-export |